R
A post about identifying key areas of Configuration Manager (SCCM) infrastructure that defenders can implement for deception solutions
Deception and canary development implemented in SCCM can be used to alert upon cyber attacks and intrusions. This blog provides step by step guidance to implement deception solutions and use BloodHound OpenGraph for planning.
SpecterOps (specterops.io)
It is possible as a low privileged user to parse the Windows event logs for any ASR exclusion
While working on varying engagements i have been messing with Microsoft Attack Surface Reduction (ASR) quite a bit, since clients often use it to make the life of adversaries(and red teamers) just a tad harder. While working on these engagements i have compiled some tips and tricks in order to bypass/evade some of the rules that ASR offers. In this post i will dive into what ASR is and some of tips and tricks that i often use to bypass/cheese my way around said rules… So strap in and lets get going with some basic ASR understanding.
. .\Primusinterp (primusinterp.com)
This cheatsheet maps common impacket workflows to their modern alternatives
This cheatsheet maps common impacket workflows to their modern alternatives - GitHub - n00py/Outpacket: This cheatsheet maps common impacket workflows to their modern alternatives
GitHub (github.com)
The Live Terminal feature of Cortex XDR can be abused by attackers as a pre-installed, EDR-trusted C2 channel
The Cortex XDR agent includes an incident response feature called "Live Terminal", which attackers can abuse as a C2.
InfoGuard Labs (labs.infoguard.ch)
